First published: 09 Feb 2024
Last updated: 09 Feb 2024

Content written for

Small & medium business
Large organisations & infrastructure
Government

This alert is relevant to Australian businesses, organisations, and government entities.

This alert contains a combination of simple and technical advice.

Background / What has happened?

  • The ASD’s ACSC is aware of an Unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2024-21762) in Fortinet FortiOS devices.
  • CVE-2024-21762 refers to an out-of-bounds write vulnerability that may allow Unauthenticated RCE via a specially crafted HTTP request.

Mitigation / How do I stay secure?

The ASD’s ACSC recommends that businesses, organisations and government entities patch affected devices, or disable SSL VPN if unable to patch.

Fortinet’s FortiGuard has further information on affected versions and patching.

Assistance / Where can I go for help?

Organisations or individuals that have been impacted by a cyber incident or require assistance can contact the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371) or make a report online.

Your report makes a difference and helps us to produce advice that protects the broader Australian community.
